Getting access to your precious Cisco ASA 5510 firewall via SSH or HTTP seems to be an easy task, but sometimes it turns into a dilemma.
Access your firewall via a terminal and configure your management link port:
!
interface Management0/0
 speed 100
 duplex full
 nameif MGMTLINK
 security-level 100
 ip address 192.168.73.250 255.255.255.128
 management-only
Now it is necessary to create a user:
username admin password cisco
Next, SSH access needs to be configured:
! AAA will be configured to do the user authentication
ASA_5510(config)# aaa authentication ssh console LOCAL
! Permit SSH access to the firewall from the specified IP or subnet on the named interface
ASA_5510(config)# ssh 192.168.0.0 255.255.255.0 MGMTLINK
! Add a domain name, which is needed for the RSA key generation. You can choose any name; it is only relevant for the certificate
ASA_5510(config)# domain-name TEST.ORG
ASA_5510(config)# crypto key generate rsa modulus 2048
Now you are able to access your Cisco ASA via the management IP address.
Usually this works out of the box. But to be sure, the following entries should also be added:
aaa authentication http console LOCAL
http server enable
http 192.168.0.0 255.255.0.0 MGMTLINK
I have a whole bunch of networks in the 192.168.0.0/16 range, which is the reason why I did not specify the IP addresses further. To be safe, in a production environment bring it as close as possible to your admin workstation IP address.
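The advice to keep the permitted source range close to the admin workstation can be checked offline against a saved configuration. The following Python script is an added example, not part of the original post; the admin workstation address 192.168.73.200 and the 256-address threshold are assumptions, and the sample configuration is constructed from the lines shown above.

```python
import ipaddress
import re

# Constructed sample: the management-access lines from the walkthrough above.
SAMPLE_CONFIG = """\
interface Management0/0
 nameif MGMTLINK
 ip address 192.168.73.250 255.255.255.128
ssh 192.168.0.0 255.255.255.0 MGMTLINK
http server enable
http 192.168.0.0 255.255.0.0 MGMTLINK
"""

# Matches "ssh <network> <mask> <interface>" and "http <network> <mask> <interface>".
RULE = re.compile(
    r"^(ssh|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$"
)


def parse_rules(config):
    """Return (service, network, interface) for each ssh/http permit line."""
    rules = []
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if m:
            svc, addr, mask, ifname = m.groups()
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            rules.append((svc, net, ifname))
    return rules


def audit(config, admin_ip, max_hosts=256):
    """Flag rules that miss the admin workstation or permit more than max_hosts addresses."""
    admin = ipaddress.ip_address(admin_ip)
    findings = []
    for svc, net, ifname in parse_rules(config):
        if admin not in net:
            findings.append((svc, str(net), "admin workstation not permitted"))
        if net.num_addresses > max_hosts:
            findings.append((svc, str(net), f"permits {net.num_addresses} addresses"))
    return findings


if __name__ == "__main__":
    # 192.168.73.200 is a hypothetical admin workstation on the management subnet.
    for finding in audit(SAMPLE_CONFIG, "192.168.73.200"):
        print(*finding, sep=" | ")
```

With the sample lines, the script reports that the SSH rule does not cover a workstation on the 192.168.73.128/25 management subnet, and that the HTTP rule permits 65536 source addresses.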